[57] ABSTRACT

The present invention relates to a tame automorphism based encryption system or scheme. Let K be a finite field of $2^m$ elements. Let $\phi_4, \phi_3, \phi_2, \phi_1$ be tame automorphisms (see above) of the ring $K[x_1, \ldots, x_{n+r}]$. Let the composition be $\pi = \phi_4\phi_3\phi_2\phi_1$. The automorphism $\pi$ and the factorization $\pi = \phi_4\phi_3\phi_2\phi_1$ are hidden. Let $\pi = (f_1(x_1, \ldots, x_{n+r}), \ldots, f_{n+r}(x_1, \ldots, x_{n+r}))$. The field K and the polynomials $(f_1(x_1, \ldots, x_n, 0, \ldots, 0), \ldots, f_{n+r}(x_1, \ldots, x_n, 0, \ldots, 0))$ will be announced publicly. Let $(x'_1, \ldots, x'_n)$ be the plaintext. Then the cyphertext will be $(y'_1 = f_1(x'_1, \ldots, x'_n), \ldots, y'_{n+r} = f_{n+r}(x'_1, \ldots, x'_n))$. It is easy to find $\phi_i^{-1}(y'_1, \ldots, y'_{n+r})$ (see Corollary 2). Therefore, it is easy to recover the plaintext $(x'_1, \ldots, x'_n) = \phi_1^{-1}\phi_2^{-1}\phi_3^{-1}\phi_4^{-1}\pi(x'_1, \ldots, x'_n)$. However, without knowing the automorphism $\pi$ precisely and the decomposition $\pi = \phi_4\phi_3\phi_2\phi_1$, it is very hard to find the plaintext $(x'_1, \ldots, x'_n)$. The encryption system or scheme may be applied to electronic message transmission, data storage, smart card security, and product verification applications.

32 Claims, 3 Drawing Sheets 
TAME AUTOMORPHISM PUBLIC KEY SYSTEM

CROSS REFERENCE TO RELATED APPLICATIONS

This application claims the benefits under Title 35, U.S.C. §119(e) of the U.S. Provisional Application Serial No. 60/008,676, filed Dec. 15, 1995.

BACKGROUND OF THE INVENTION

1. Field of the Invention

The present invention relates to public key cryptography.

2. Related Art

Cryptography systems or schemes are used to encode messages that are either preserved or transmitted electronically, to preserve the privacy and the integrity of the messages, as well as to authenticate the originator of the messages.

In single key cryptography, or symmetric cryptography, a single key is used to encrypt and decrypt the transmitted message according to a predetermined mathematical formula. In the single or symmetric cryptography method, the single key must be maintained in secrecy or else the encrypted data or message may be easily decrypted.

A more secure encryption system involves a two-key encryption method. A typical asymmetric encryption system includes both a public key, a code made generally available to some media, and a private key, a code which is made available only to the rightful owner of the data or intended recipients of the message. Known asymmetric public key encryption systems include RSA and hybrid PGP systems. The RSA method uses the RC2, RC4, or RC5 encryption algorithm. In the hybrid PGP encryption systems, the encryption algorithm initially begins by converting a plain text data or message into a cyphertext data and message with a "session key" which is the symmetric IDEA method. The "session key" is then encrypted with the public key of the rightful owner of the data or the recipient of the message in the asymmetric RSA key distribution system, and the recipient decrypts the session key using the private key to extract the plain texts from the cyphertexts.

In conventional public key encryption systems, the public key of the user is used to identify a user, to avoid the problem of forgeries of data or impostors sending encrypted messages where the recipient is deceived into thinking another individual sent the message. To digitally sign a message, the sender needs only apply the private key, so anyone else can verify the authenticity of the message by applying the sender's public key.

In another application, to avoid the forgery of a product, say U.S. dollar bills, one can select the serial numbers to be special, say last nine digits all zeros, then uses the private key to encrypt the serial numbers. The detectives can use the public key to discover forgeries quickly.

However, these various public key encryption algorithms present their own computational difficulties. What is needed in the art is an improved public key encryption system to provide privacy, integrity, and authentication of data and electronic communications.

SUMMARY OF THE INVENTION

The present invention relates to a tame automorphism based public key encryption system or scheme. The present invention contemplates a computer program which implements the tame automorphism based encryption algorithm to encrypt and decrypt messages either sent electronically or encoded physically.

A computer would first apply an encryption algorithm of the present invention to encode a plaintext data or message … transmitted electronically. The encryption method … electronic medium. The computer system of the rightful owner of the data or the message recipient would decrypt the cyphertext by using a tame automorphism based decryption algorithm to extract the original plaintext message. In this way, data may be secured, and messages may be securely transmitted over the airwaves or an open network.

BRIEF DESCRIPTION OF THE DRAWINGS

The above mentioned and other features and objects of this invention, and the manner of attaining them, will become more apparent and the invention itself will be better understood by reference to the following description of embodiments of the invention taken in conjunction with the accompanying drawings, wherein:

FIG. 1 is a flow chart diagram of a first method of the present invention;

FIG. 2 is a flow chart diagram of a second method of the present invention; and

FIG. 3 is a schematic diagram of a computer system of the present invention.

Corresponding reference characters indicate corresponding parts throughout the several views. Although the drawings represent embodiments of the present invention, the drawings are not necessarily to scale and certain features may be exaggerated in order to better illustrate and explain the present invention. The exemplification set out herein illustrates embodiments of the invention, in one/several form(s), and such exemplifications are not to be construed as limiting the scope of the invention in any manner.

DESCRIPTION OF THE INVENTION

The embodiment disclosed below is not intended to be exhaustive or limit the invention to the precise form disclosed in the following detailed description. Rather, the embodiment is chosen and described so that others skilled in the art may utilize its teachings. The encryption and decryption method of the present invention is not limited to a particular hardware or system configuration, rather may be broadly applied in a variety of computer hardware and computer software settings.

The invention involves the preservation of data, authentication of data, and the transmission of messages, in digital form. The data or message is subject to an encryption algorithm, and is decoded using decryption algorithm. In a public key methodology, one of the two encryption keys is made generally available, while the other encryption key is maintained privately.

FIG. 1 shows a flow chart of a public-private key encryption scheme. In step 10, the message is encrypted into cyphertext using a tame automorphism based algorithm, as explained in greater detail below. The cyphertext message is transmitted in step 12, so that it is received in step … the cyphertext is decrypted with a private key in step 16, again using a tame automorphism based algorithm.

A similar procedure is shown in FIG. 2, but with the initial encryption step 20 using a private key. Steps 22 and 24 relate to sending and receiving the cyphertext, with step 26 decrypting the cyphertext with a public key.






5,740,250

A computer system implementing these steps is depicted in FIG. 3. Computers 32 and 32' include programs 30 and 32' which enable the tame automorphism based encryption and decryption algorithms. Transmission devices 30 and 30', such as a modem, a smart card (e.g., an electronically preprogrammed debit card), a hard disk file system, or a physical item's serial number, may be used to transmit the message. The method of the invention may also be used to encrypt data stored on computer 32 or 32' to prevent tampering. Although electronic communication is greatly enhanced by the present invention, the methods of the present invention may also be applied to physical communications for authentication purposes. In order to establish the encryption algorithm, it is necessary to define the mathematical parameters of the equations used to perform the encryption and decryption.

Mathematical Background

[1]. Introduction

Let K be a finite field of $q = 2^m$ elements. Let $K[x_1, \ldots, x_n]$ be the polynomial ring of n variables, $x_1, \ldots, x_n$, over K. Consider a sequence of automorphisms $\phi_i$ of $K[x_1, \ldots, x_n]$ defined either as,

CO: = */ + A/t** . . . . O
(2): 4ri*i) =
(«): <>i0O = *.

or as,

$\phi_i$ = invertible linear transformations

The automorphisms above are called tame automorphisms. It is easy to see that the inverse of a tame automorphism is also a tame automorphism, and is of either the following form:

(1) *: 4r l (x,) = x, - hix 2
(2) ': $i l (x 3 ) = jc 2

$\phi_i^{-1}$ = invertible linear transformations

The group generated by all tame automorphisms is called the tame automorphism group. It is an open problem in mathematics whether the automorphism group of $K[x_1, \ldots, x_n]$ is the tame automorphism group for n>2.

Remark 1: The linear transformation $\phi_i$ can be either the … variables $x_1, \ldots, x_n$ is not significant. Let $\pi = \prod_i \phi_i$ be an element in the tame automorphism group. Then we have

jv^i^i. . . . a) «» fci. . - - ^ or
t^Otely *> fa W. . . .+ W

Remark 2: In general it is convenient to require that a tame automorphism $\phi$ is either a linear transformation or of the following forms in any order of the variables $x_1, \ldots, x_n$.

(1)": $\phi_i(x_1) = x_1 + h_1(x_2, \ldots, x_n) = y_1$
(2)": $\phi_i(x_2) = x_2 + h_2(x_3, \ldots, x_n) = y_2$
(j)": $\phi_i(x_j) = x_j + h_j(x_{j+1}, \ldots, x_n) = y_j$
(n)": $\phi_i(x_n) = x_n = y_n$

PROPOSITION: Let a tame automorphism $\phi_i$ be defined as in the preceding paragraph. We have the inverse $\phi_i^{-1}(y_j) = y_j - h_j(\phi_i^{-1}(y_{j+1}), \ldots, \phi_i^{-1}(y_n))$.

PROOF: Trivial.

For instance, in the case of four variables, we have

$\phi_i^{-1}(y_1) = y_1 - h_1(y_2 - h_2(y_3 - h_3(y_4), y_4),\ y_3 - h_3(y_4),\ y_4)$
$\phi_i^{-1}(y_2) = y_2 - h_2(y_3 - h_3(y_4),\ y_4)$
$\phi_i^{-1}(y_3) = y_3 - h_3(y_4)$
$\phi_i^{-1}(y_4) = y_4$

… very fast. But it is hard to write down the polynomials $\phi_i^{-1}(y_j)$.

COROLLARY 1: Given the set $\{y'_j\}$, it is easy to find the values $\{\phi_i^{-1}(y'_j)\}$ by induction; first we have $\phi_i^{-1}(y'_n) = y'_n$. Inductively, if we have $\phi_i^{-1}(y'_{j+1}), \ldots, \phi_i^{-1}(y'_n)$, then we have $\phi_i^{-1}(y'_j) = y'_j - h_j(\phi_i^{-1}(y'_{j+1}), \ldots, \phi_i^{-1}(y'_n))$.

Proof: Trivial.

COROLLARY 2: Given the decomposition $\pi = \prod_i \phi_i$ where $\phi_i$ are tame automorphisms of the above forms, it is easy to find $\pi^{-1}(y'_i)$.

Proof: As usual $\pi^{-1} = \prod_i \phi_i^{-1}$. It follows from Corollary 1.

Remark 3: The inverse map of $\pi$ as polynomials is hard to write down because their degrees could be very high as indicated by our later discussions. We can show that if n=2 and deg $f_i \geq 2$, then the highest degree forms of $f_1$, $f_2$ must be powers, up to some non-zero constants, of the same linear form and deg $f_1$, deg $f_2$ are divisible by the smaller one of the two degrees (cf [1], [12], [13], [17]). Therefore the inverse $\pi^{-1}$ can be recovered inductively by performing further tame automorphism to cut down the degrees. However, for n≥3, the above considerations are no longer valid.

Remark 4: For n≥3, there is no known theorem to decompose an element $\pi$ in the tame automorphism group into product of tame automorphisms $\prod_i \phi_i$.

Remark 5: If n≥4, let $\{m_i: i = 1, \ldots, n\}$ be positive integers, let $I_m$ be the ideal of the kernels of the maps $i_m$: $K[x_1, x_2, \ldots, x_n]$ to $K[t]$ by

then the numbers of the minimal generators of the ideals $I_m$ are unbounded (cf [6]).

The Public Key System

… publicly the map $\pi$ as polynomials …

Let $x'_1, \ldots, x'_n \in K$ be the plaintext. The sender evaluates … for the values of … results … cyphertext.

The legitimate receiver recovers the plaintext by $x'_i = \pi^{-1}(y'_i)\ (= g_i(y'_1, \ldots, y'_n)) = \phi_1^{-1}(\phi_2^{-1}(y'_i))$ which can be done easily according to Corollary 2.

Remarks 6: In general, we may consider $\pi = \phi_k \cdots \phi_2\phi_1$ for the product of k≥2 tame automorphisms. Note that for the tame automorphism group of $K[x_1, \ldots, x_n]$, the unique factorization of an element as a product of tame automorphisms is unknown. For k≥3, it is not known that if there are always tame automorphisms $\psi_1, \psi_2$ such that $\pi = \phi_k \cdots \phi_2\phi_1 = \psi_2\psi_1$.

One possible way to carry out the above Principle is as follows: Select n≥3 and positive integers s, t. Let the field
K be the finite field of $2^m$ elements. The user selects an element $\pi$ of the tame automorphism group in the following way,

«i<*i>=«! <*)•
, ^ ..^^ „ . . . w . . ,
* WW ** K ** ■ • '
<h(*i>*rtM>*i d*g qfit for j=i, ... jt-i (3)*
M'J 8 *. * 4 >*
f ~„
«'j>=«i0i('M(*i. • ■ i i

An Example

Let m=1, n=101, s=100. Furthermore, let o/*^ *Xioi) be a homogenous polynomial (which may be zero, if necessary) of degree 4 such that it has the following properties (1): each variable could appear at most linearly in every term. (2): each variable appears either exactly in two terms or not at all. and let t^(x. l ).s,(x 1 ) be polynomials of $x_1$ of degrees less than 99. Let us consider the following example.

0 * c *^* t
„
+ + ^Ota**^*
As , \om-i Jtl *' = X ' ' * * 101
/ w r ini - nw
• ■ • -*»«)■ far J-2. ■ • - 401 (3)
(4)»»
Kfo^^iC*^/**! ■ • ^ioi>^i C5)"
u - „ ... ♦ / / \i

Let us count the number of terms in the sets {r^xj} s/ Xl )}. For j=2 we have 100 terms for $s_2(x_1)$. For j=3, we have 100 terms for $s_3(x_1)$ and 100 terms for $r_3$, continuously, for j=101 we have 100 terms for $s_{101}(x_1)$ and 9,900 terms for $r_{101}$. Totally, there are possibly 505,000 terms in the sets {r^Ms/x^}^^^ … sible 0j is greater than 2 =10 " 13W The inverse $\pi^{-1}$ is of the following form;

JT^i^rV 1 ^/^ "

Note that it follows from Remark 2 that each polynomial « - l fv^ of variable v v is of degree >99 f l for £l W . .1^^

Furthermore, it follows from Corollary 2 that it is easy to recover $x'_1, \ldots, x'_{101}$ from $y'_1, \ldots, y'_{101}$ for the legitimate user who knows $\phi_i$.

Cryptoanalysis for the System

It is not expensive for the legitimate user to select n. m. s.t.h^p^. q^. the tame automorphism $\pi$, and to construct the inverse map $\pi^{-1} = \phi_1^{-1}\phi_2^{-1}$ (cf Corollary 2). the polynomials $f_i$ for i=1, …, n.

The expense to the sender is mainly in evaluating polynomials $y'_i = f_i(x'_1, \ldots, x'_n)$.

There are four ways to attack the system. (1) let $x_i$ be polynomials of $y_i$ with indeterminate coefficients. Do enough experiments using $x_i$ to determine $y_i$ and then solve the system of linear equations in the indeterminate coefficients to find polynomials $g_i$ or (2) apply resultant to $y_i = f_i(x_1, \ldots, x_n)$ to recover plaintext $x_i$ or (3) find the maps $\phi_1, \phi_2$ directly or (4) use Newton Polyhedron Method to find the maps $\phi_i$.

Let us discuss the costs involved for the above four ways;

(1) As we pointed out in Remark 2 that the total degrees of are very high, for discussions, we may assume that they are all of degree 2s. Then there are $n \times (2s+1)(2s+2) \cdots (2s+n-1)/n!$ possible terms. That is the dimension of the linear system. We conclude that it takes at least $((1/(n-1)!)(2s)^n)^{2.5}$ steps of multiplications to solve the system. In the field K, every multiplication takes 2m shift operations. Totally, it takes $2m((1/(n-1)!)(2s)^n)^{2.5}$ shift operations to solve the system.

For ^5^^ m our previous example let us use the Sterling Formula and the following approximate estimate,

n£W*r (*)
e'sio 3 (2)

then the number of shift operations needed is greater than 10 AS3 .

Take a fast computer which is capable of executing $10^9$ steps per second. Note that 1 year = $3.1536 \times 10^7$ seconds. It will take about 10 10 *.

(2) Use … to eliminate variables $x_j$ from the equations $y_i = f_i(x_1, \ldots, x_n)$ and then solving the equations in last variable $x_i$ to get the expressions $x_i = g_i(y_1, \ldots, y_n)$. The known complexity analysis (cf pg 75 [7]) is CHnV^og 2 (dm)). In our example, the number of shift operations needed is greater than 10 s09 . A fast computer will spend 3X10 452 years to do it.

(3) ^ ^ ^ ^ ^ forms rf ^ fa covered up in the final forms of $\pi(x_i)$. We shall find $\phi_2$ first. Let us consider the case that the polynomial g/x^j, . . . .x J is homogeneous of degree 4. There are $(n(n+1)(n+2)(n+3))/4!$ monomials of degree 4 in n variables. ^ ^ * ^ewtan of the space of the possible polyno- Equation <?)♦. * g ^J^. ±> a lower ^ n.J^er t of the possible q, in (3)". Assume we separate the variables x ^ . ^ u blocks of 8 variables an 7 0DC 12 variables, consider the following

,
*^

The number of all possible similar expressions is 8 72 4 4. The corresponding one for ^ J^tf 12 Therefore we have t^(10O!/8! u 12!K81/2 6 ) ,, (12!/2 7 3)2 (100«/*»12'^ In other words * * 81 least 10 V 4 *" for a fast computer to just look at & «s*s- .

(4) The Newton Polyhedron Method is to study the convex hull of the set of the exponents of non-zero terms of $f_i$ in n-dimensional space. This method may provide valuable informations about the polynomials $f_i$. Many data are ^ ^ov^ by the number of appearances of variables $x_j$ mod 2 in $f_i$. From those data we may speculate about the polynomial q^Kx^j * 101 ). In our example, those data are hidden.

Signatures.

Since we use automorphisms $\pi$, then given any $y'_1, y'_2, \ldots, y'_n$ the legitimate user can easily produce $x'_1, x'_2, \ldots, x'_n$ with $x'_i = \pi^{-1}(y'_i)$ as the digital signature.
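A toy instance of the first system above, added here as an illustration and not taken from the patent: the private key is two triangular tame maps (the Remark 2 form, in opposite variable orders), the public key is their composition expanded into polynomials, decryption is the back-substitution of Corollary 1 applied factor by factor as in Corollary 2, and a signature is $x' = \pi^{-1}(y')$. The field GF(2^4), n = 3 and the polynomials h_j are assumptions chosen so the whole message space can be checked exhaustively.

```python
from itertools import product

M, MOD = 4, 0b10011    # assumed toy field GF(2^4) = GF(2)[z]/(z^4 + z + 1)
N = 3                  # number of variables (constructed; the page uses n = 101)

def gf_mul(a, b):
    """Multiply in GF(2^M): carry-less product reduced modulo MOD."""
    r = 0
    while b:
        if b & 1:
            r ^= a
        a <<= 1
        if a >> M:
            a ^= MOD
        b >>= 1
    return r

# A polynomial in x_0..x_{N-1} is a dict {exponent tuple: non-zero coefficient}.
def const(c):
    return {(0,) * N: c} if c else {}
def var(i):
    return {tuple(int(j == i) for j in range(N)): 1}

def p_add(p, q):
    r = dict(p)
    for e, c in q.items():
        v = r.pop(e, 0) ^ c            # addition in characteristic 2 is XOR
        if v:
            r[e] = v
    return r

def p_mul(p, q):
    r = {}
    for (e1, c1), (e2, c2) in product(p.items(), q.items()):
        e = tuple(a + b for a, b in zip(e1, e2))
        v = r.pop(e, 0) ^ gf_mul(c1, c2)
        if v:
            r[e] = v
    return r

def p_eval(p, xs):
    total = 0
    for e, c in p.items():
        for x, k in zip(xs, e):
            for _ in range(k):
                c = gf_mul(c, x)
        total ^= c
    return total

def p_compose(p, subs):
    """Substitute the polynomial subs[i] for each variable x_i of p."""
    out = {}
    for e, c in p.items():
        term = const(c)
        for q, k in zip(subs, e):
            for _ in range(k):
                term = p_mul(term, q)
        out = p_add(out, term)
    return out

def tame_polys(order, h):
    """Forward map y_v = x_v + h_v(variables after v in `order`), as polynomials."""
    for pos, v in enumerate(order):    # reject an h that breaks the triangular shape
        if any(e[u] for e in h[v] for u in order[:pos + 1]):
            raise ValueError(f"h[{v}] uses a variable that is not after x_{v}")
    return [p_add(var(v), h[v]) for v in range(N)]

def tame_inverse(order, h, ys):
    """Corollary 1: fix the last variable, then substitute backwards."""
    xs = [0] * N
    for v in reversed(order):
        xs[v] = ys[v] ^ p_eval(h[v], xs)   # y_v - h_v(...); minus is XOR here
    return xs

x0, x1, x2 = var(0), var(1), var(2)
# Private key (constructed values): two tame maps in opposite variable orders.
PHI1 = ([0, 1, 2], [p_add(p_mul(x1, x2), p_mul(x2, x2)),
                    p_mul(const(3), p_mul(x2, x2)),
                    {}])
PHI2 = ([2, 1, 0], [{},
                    p_add(p_mul(const(5), p_mul(x0, x0)), x0),
                    p_mul(x0, x1)])

def public_key():
    """Expand pi = phi2(phi1(x)) into polynomials f_i; only these are published."""
    inner = tame_polys(*PHI1)
    return [p_compose(f, inner) for f in tame_polys(*PHI2)]

def encrypt(pub, xs):
    return [p_eval(f, xs) for f in pub]
def decrypt(ys):
    """x' = phi1^-1(phi2^-1(y')): undo the factors in reverse order (Corollary 2)."""
    return tame_inverse(*PHI1, tame_inverse(*PHI2, ys))
def sign(digest):
    return decrypt(digest)             # signature x' = pi^-1(y')
def verify(pub, digest, sig):
    return encrypt(pub, sig) == digest
def degree(pub):
    return max(sum(e) for f in pub for e in f)
```

The private maps use polynomials of degree 2, while the published f_i already reach degree 4 after one composition; the sender only ever evaluates the f_i and never sees PHI1 or PHI2.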
The Public Key Scheme

We will enhance the above method of the tame automorphisms to produce the following Public Key Scheme (see section [3]). One of the advantages is that all polynomials involved are quadratics. To this end we will first discuss the following technical section [2].

[2] Two Concepts.

Let $h_1, \ldots, h_s$ be polynomials in variables $x_1, \ldots, x_t$. If we consider polynomials in $h_1, \ldots, h_s$, then some form r in $x_1, \ldots, x_t$ may be the highest degree forms of a polynomial Q in $h_1, \ldots, h_s$. We shall have the following definition.

DEFINITION. Let $r(x_1, \ldots, x_t)$ be a form. Let the generating degree, in symbol gendeg(r), be the minimal degree of $Q(h_1, \ldots, h_s)$ such that

$Q(h_1(x_1, \ldots, x_t), \ldots, h_s(x_1, \ldots, x_t)) = r + \text{lower terms}$

If the above conditions are satisfied, then Q is called a (minimal) generating polynomial of r. If there is no such polynomial Q, then we define gendeg(r) = ∞.

EXAMPLE 1 

Let the field K be of 2 m elements. t=16 and s=27. Let 
hj=x t x 2 ; 




Then the following Q is a generating polynomial of x 2 16 of 
degree 8 in h ( . 

The following example will be used later. 

EXAMPLE 2 

Let the field K be of $2^m$ elements. Let

Then the following P is the minimal defining polynomial of the above polynomials over K.

30 ^,vA) 

Note that it is of degree 9. 

Remark 6: The polynomials Q, P will be used to construct a public key scheme in the next section. The security of the scheme depends on the degrees of Q, P and their complexities. However, the degrees of Q, P can be increased easily by the technique of the two examples. Therefore, any attack based on the degrees of Q, P being 8, 9 would not be taken seriously.

Let us introduce a new number as follows. Let be a polynomial of $(x_1, \ldots, x_t)$ with degree form $q_i$. Let us define the diffdim($h_i$) = dim(the vector space generated by $\{\partial q_i/\partial x_j : j = 1, \ldots, t\}$). Note that diffdim $h_i$ = 0, 2, 4 in our previous examples.

[3] Scheme.

Any pair of polynomials Q, P similar to the ones in the previous section can be used to produce a scheme. Let us consider the two examples in the previous section and use their notations, especially the generating polynomial Q(hi h„) and the polynomials h t , . . . i^?. homogenous polynomials p f . Let n=70, r=30. Let the field K be the finite field of $2^m$ elements. Let us use the following notations: we shall separate the indices i=1, …, 64 to the 10 blocks as i=1, i=1+j+7k where j=1, …, 7 and k=0, …, 8.

The user selects the following randomly 

55 

ajza/Xj, . . . ji^=hacaY tana involving x, far ... ,70 

Mmrar fonn ia {i„ . . . J**}, for *=£5, . . . JO, 98. 99, 100 

60 y=tium form in \x u . . . far t=65, ... ,70, 98, 99, 100 

The user selects $\phi_1$ to be any random invertible linear transformation such that

^ q fa fc^i+limat- forms in {*,, . . . with t^*C, for i, ... ,70
for t=tll 100

The user selects $\phi_2, \phi_3$ to be the tame automorphisms satisfying the following conditions (1)*-(7)* and $\phi_4$ an invertible linear transformation satisfying the condition (8)* in the following way













- r^ttX when f=\+/+lK for »=2, . . 




64 






0 3 (x£=a/+0'/tT* fi» 


i=65, ... ,70 










97 




thtxfcx&trft, ^ r=98,99,l00 




(5)* 


s>*(X/)=V for j=2, . . 


. .100. 




(«)• 








(7)* 


K(X i >=* 4 0 3 0 3 0 I (X(>=ItXx i , . . . * lQO l JlA 




<8>* 


field K 


and the 


polynomials 


. . . A 70 )=Jt((X l . 






. ,100 



The 

will be announced publicly. 



Detailed Description of the Scheme

Due to the notations and indices involved in the preceding paragraph, we shall write down concrete formula for $\phi_2$ as follows.

02<*a)=«jtPiC*i. • • •
Plaintexts, Users and Compactness:

Let us count the possible number of plaintexts; since the number of plaintexts is just the number of choices for $x'_1, \ldots, x'_{70}$, we see that there are $2^{70m}$ such plaintexts. To have a rich scheme and to prevent the attackers from forming tables of plaintext-cyphertext, and to avoid the usage of the following identities over the finite field $F_{2^m}$ to cut down the degrees,

it is suggested to require m≥20.

Of equal importance to having a large number of possible plaintexts is having lots of possible users. In order to allow for many such users, we first get an expression for this number in terms of m and 70. This amounts to counting the number of automorphisms $\phi$ of the form $\phi = \phi_1\phi_2\phi_3\phi_4$. Assuming that a negligible proportion of these automorphisms $\phi$ have more than one representation $\phi = \phi_1\phi_2\phi_3\phi_4$ = tJtf^PV, the number of users is asymptotic to (choices for $\phi_4$)×(choices for $\phi_3$)×(choices for $\phi_2$)×(choices for $\phi_1$). The number of invertible linear transformations $\phi_1$ is FT^ (2r*-iy^ m * n - 1 Y 2 z2 yx>ym . A similar count of terms of $\phi_4$ shows that the total possible number of users is $> 2^{7953m}$.
It follows from Corollary 2 and the preceding conditions that we have.

Since $\phi_1, \phi_4$ are linear transformations, therefore the theoretic total number of terms in $\pi^{-1}$ is 100 (n i (2 13 +t))/100!>10 234 . Note that the form of the map $\pi$ is not given to the public. Without knowing it, it is impossible to compute $\pi^{-1}$.

We will study the compactness of the scheme. It is easy to see that the number of terms of polynomials of degree 2 is (71)(72)/2!, and we have 100 polynomials, therefore the total number of terms is 255,600. Using a simple trick, we may reduce the number to 191,988. We believe that the numbers may be further reduced. This is the cost to the senders. For the legitimate receiver, the number of terms for

0r l .0 i -\V 1 .0 4 " r k25.<X)O. 

As the technique improves, and new generating polynomial and defining polynomial Q, P discovered, the number of terms will be reduced.

Error Detecting Function

Upon receiving the cyphertext $(y'_1, \ldots, y'_{100})$, the user applies $\phi_1^{-1}\phi_2^{-1}\phi_3^{-1}\phi_4^{-1}$ to decode and get $(x_1, \ldots, x_{100})$. If one of $x_{71}, \ldots, x_{100}$ is not zero, then there must be an error.

Master Key Function

Select a group of indices from 98, 99, 100. Select $\phi_4$ such that the corresponding subspace generated by $x_i$ with i from this group of indices and the subspace generated by $x_j$ of the remaining indices from 1, …, 100 are both invariant. The original scheme is the master key. Another key can be produced by deleting all $f_i$ with i from this group of indices.

Another way to produce a master key is to find a polynomial <Xfj. i n+ ^ # ). such that both it and its
specialization Q(f P . . . J^O 0) can be used to construct public key scheme. Then we require that o\ to keep that space {c i c^O. ... ,0} invariant and use the specialization $x_i \to 0$ for i=n+r+1, …, n+r+s to create a master key.

The 'master key-ordinary key' relation can be broken by alternating any one of the 4 linear transformations 0 t .0 4 involved.

Signatures

The map $\pi$ is not an onto map. However, we may restrict to a suitable subspace. Let $V = \{(d_1, \ldots, d_j, 0, \ldots, 0)\}$ where j is a fixed integer less than or equal to 54, say 50. Let V=0, -1 (V). We shall require that $\phi_4$ induces a linear transformation on $W = \{(e_1, \ldots, e_j, 0, \ldots, 0)\}$. Let t: $(c_1, \ldots, c_j, \ldots, c_{100}) \to (c_1, \ldots, c_j)$ be a projection. Then clearly $t\pi$ is a one to one and onto map from V to the j-dimensional affine space. Moreover, the map is tame, and its inverse can be found if the values $(y'_1, \ldots, y'_j)$ are known. The inverse forms a signature.

[4] Cryptanalysis for the Scheme.

I. Direct Methods

It is not expensive for the legitimate user to select a^P/y^b,. the tame automorphism $\pi$, and to construct an inverse map $\pi^{-1} = \phi_1^{-1}\phi_2^{-1}\phi_3^{-1}\phi_4^{-1}$ (cf Corollary 3). the polynomials $f_i(x_1, \ldots, x_{70}) = \pi_i(x_1, \ldots, x_{70}, 0, \ldots, 0)$ for i=1, …, 100.

The expense to the sender is mainly in evaluation polynomials $y'_i = f_i(x'_1, \ldots, x'_{70})$.

There are three direct ways to attack the scheme. (1) use the 'inverse formula' for power series to find the polynomial expressions of $\pi^{-1}$ (cf [9]). Note that only $\pi$ is given, and there is no way to find $\pi^{-1}$ which does not exist theoretically. or (2) let $x_i$ be polynomials of $y_i$ with indeterminate coefficients. Do enough experiments using $x_i$ to determine $y_i$ and then solve the system of linear equations in the indeterminate coefficients to find polynomials g or (3) using resultant to the expressions $y'_i = f_i(x'_1, \ldots, x'_{70})$ to eliminate all $x'_i$ except one, and recover the expressions of $x'_i$ in terms of $y'_1, \ldots, y'_{100}$.

At this moment, the number of terms of the inverse map $\pi^{-1}$ H 10* 54 ) which is beyond reach. The above three methods are ineffective. The only possible way of attacking is to recover $\phi_i$ or their equivalent forms.

II. Search for the Generating Polynomial

Knowing the recipe of the construction of the public key scheme, one may launch a step by step search as follows. We consider all monomials of some fixed degree of all polynomials $f_1, \ldots, f_{100}$. It follows from Example 1 & 2 of section 4 that we have to consider polynomials of degree 9 or 8 in $f_1, \ldots, f_{100}$. For degree 9, the dimension is $C_9^{108} \approx 4(10^{12})$. For degree 8, the dimension is $= 3.26(10^{11})$. They are beyond the reach of present day computing technology. We may select Q, P with higher degrees to defend the scheme if necessary.

III. Identify Degree Forms

We should try to find $v_i$ = the highest degree forms of $\phi_2(x_i)$. Let the highest degree forms of $f_i$ = $u_i$. Let U = {the vector space generated by $u_i$}. As we pointed out in section 4 that the diffdim of some polynomial $h_i$ is 4. Then we want to find suitable numbers $\{z_1, \ldots, z_{100}\}$ such that for some fixed k,

w = l E°w = vi
~ m ~

and diffdim($v_k$) = 4. A necessary condition is that all partial derivatives, $w_j$, of w with respect to $x_j$ span a vector space of dimensions*!. Let u^Ia^x^ be the partial derivative of $u_i$ with respect to $x_j$. We have several ways of using the above information.

A: Let $A_i$ be the 100×100 coefficient matrix (a^J. and A=l ul l(X> zA- Let us assume that A is of rank 4 with coefficients linear forms in the variables $z_1, \ldots, z_{100}$. It produces 100 homogenous equations in 100 variables of degree 5. It follows from pg 75 of [7] that the time required to solve the equations is O(m 2 (100) 2 5 Joo ^m 3 10 3?7 .

B: Since the diffdim($v_k$) = 4, for some c^c^c^c,. we 5 c ^^-q^ Let $B_i$ be the 100×100 coefficient matrix ^ 8=1^, 3 cfl. Then B is of rank <100 with coefficients linear forms in the variables q, . . . .c 3 . It produces 5 homogenous equations in 5 variables of degree 100. It follows from pg 75 of [7] that the time required to solve the equations is O(m 2 5 2 (100 25 )). The number is snft.SUO 51 ).

C: ^ c ^ ^ random tuple (u\. . . . .tT 5 ) from that number field. The total possibility is $2^{5m} = 10^{30}$ if we take m=20.

Note that there are $3(10^7)$ seconds in a year. Let us use a fast computer which operates $10^9$ shift operations a second. Then it takes abomm^l^.m 2 !^,!© 1 * years respectively for the above method A, B, C to find the quadratic forms.

While this invention has been described as having an exemplary design, the present invention may be further modified within the spirit and scope of this disclosure. This application is therefore intended to cover any variations, uses or adaptations of the invention using its general principles. Further, this application is intended to cover such departures from the present disclosure as come within known or customary practice in the art to which this invention pertains.

REFERENCES

[1] ABHYANKAR, S. S. and MOH, T. T., Embeddings of the line in the plane, Journal für die reine und angewandte Mathematik, 276 (1975), 148-166.
[2] BAJAJ, C., GARRITY, T., WARREN, J., On the Application of Multi-Equational Resultants, Purdue University, Dept. of C.S. Technical Report CSD-TR-826 (1988).
[3] BERLEKAMP, E. R., Factoring polynomials over finite fields, Bell System Tech. J., 46 (1967), 1853-1859.
[4] BRANDSTROM, H., A public-key cryptosystem based upon equations over a finite field, Cryptologia, 7 (1983), 347-358.
[5] BRENT, R., and KUNG, H., Fast Algorithms for Manipulating Formal Power Series, Journal of ACM, 25 Number 4 (1978), 581-595.
[6] BRESINSKY, H., On Prime Ideals with Generic Zero $x_i = t^{n_i}$, Proc. Amer. Math Soc., 47 Number 2 (1975), 329-332.
[7] CANNY, JOHN F., The Complexity of Robot Motion Planning, The MIT Press, Cambridge, Massachusetts, 1988.
[8] COHEN, HENRI, A Course in Computational Algebraic Number Theory, Springer-Verlag, Berlin Heidelberg New York London Paris Tokyo Hong Kong Barcelona Budapest, 1983.
[9] DICKERSON, MATHEW, The inverse of an automorphism in Polynomial Time, J. Symbolic Computation (1992 (13)), 209-220.
[10] LIDL, R. and H. NIEDERREITER, Finite fields, Addison-Wesley, Reading, Mass., 1983.
[11] LIDL, R., On Cryptosystems Based on Polynomials and Finite Fields, Advances in Cryptology (Proceedings of EUROCRYPT 84) (1984), 10-15.
[12] MOH, T. T., On the Classification Problem of Embedded Lines in Characteristic p, Algebraic Geometry and Commutative Algebra in honor of M. Nagata (1988) Vol.

[13] NAGATA, M., On the automorphism group of K[x, y], Lectures in Mathematics, Tokyo, 1972.

[14] H. NIEDERREITER, New Deterministic Factorization Algorithms for Polynomials over Finite Fields. Contemporary Mathematics (Finite Fields), 168 (1993), 251-268.

[15] R. L. RIVEST, A. SHAMIR & L. ADLEMAN, A Method for Obtaining Digital Signatures and Public Key Cryptosystems. ACM 21, 120-126 (February 1978).

[16] J. HOPCROFT, J. ULLMAN, Introduction to Automata Theory, Languages & Computation, Addison Wesley, Reading, Mass., 1979.

[17] W. VAN DER KULK, On polynomial rings in two variables, Nieuw Archief voor Wiskunde, (3), I (1953), 33-41.

What is claimed is:

1. A method of electronically transmitting messages comprising the steps: applying an encryption algorithm to encode a plain text message into a cyphertext message for electronic transmission; transmitting the cyphertext message over an electronic medium; receiving the cyphertexted message; and decrypting the cyphertext message, characterized in that the encrypting and decrypting steps utilize a tame automorphism based algorithm using a product of at least two automorphism based polynomials as an encryption key and a mapping of the inverse of said encryption key as a decryption key in said applying and decrypting steps.

2. The method of claim 1 characterized in that the tame automorphism based algorithm includes an equation of one of the forms in any order of the variables $x_1, \ldots, x_n$:

(j): $\phi_i(x_j) = x_j + h_{i,j}(x_{j+1}, \ldots, x_n) = y_j$;

any linear transformation of the above mentioned equations, where each term of the form $h_{i,j}(x_{j+1}, \ldots, x_n)$ is a polynomial of a known order.

3. The method of claim 2 characterized in that the tame automorphism based algorithm utilizes two encryption keys, a public key $\pi(x_i) = \phi_k \cdots \phi_2\phi_1(x_i) = f_i(x_1, \ldots, x_n)$ and a private key $\pi^{-1} = \phi_1^{-1}\phi_2^{-1} \cdots \phi_k^{-1}$, where each term of the form $\phi_i$ is a tame automorphism.

4. The method of claim 3 characterized in that the public key is made publicly available.

5. The method of claim 4 characterized in that the private key is maintained privately.

6. A computer system for transmitting electronic messages comprising encoding means for encrypting a plain text message into a cyphertext message; and decoding means for decrypting the cyphertext message, characterized in that said encoding means utilizes a tame automorphism based encryption algorithm and the decoding means utilizes a tame automorphism based decryption algorithm, said tame automorphism based encryption and decryption algorithms using a product of at least two automorphism based polynomials as an encryption key and a mapping of the inverse of said encryption key as a decryption key in said encoding means and said decrypting means.

7. The computer system of claim 6 characterized in that the tame automorphism based algorithm includes an equation of one of the forms in any order of the variables $x_1, \ldots, x_n$:

(1): $\phi_i(x_1) = x_1 + h_{i,1}(x_2, \ldots, x_n) = y_1$;

(2): $\phi_i(x_2) = x_2 + h_{i,2}(x_3, \ldots, x_n) = y_2$;

(j): $\phi_i(x_j) = x_j + h_{i,j}(x_{j+1}, \ldots, x_n) = y_j$;

(n): $\phi_i(x_n) = x_n = y_n$;

any linear transformation of the above referenced equations, where each term of the form $h_{i,j}(x_{j+1}, \ldots, x_n)$ is a polynomial of a known order.

8. The computer system of claim 7 characterized in that the tame automorphism based algorithm utilizes two encryption keys, a public key $\pi(x_i) = \phi_k \cdots \phi_2\phi_1(x_i) = f_i(x_1, \ldots, x_n)$ and a private key $\pi^{-1} = \phi_1^{-1}\phi_2^{-1} \cdots \phi_k^{-1}$, where $\phi_i$ is a tame automorphism.

9. The computer system of claim 8 characterized in that the public key is made publicly available.

10. The computer system of claim 9 characterized in that the private key is maintained privately.

11. A method of preserving the integrity and privacy of data comprising the steps: applying an encryption algorithm to encode the data into a cyphertext; decrypting the cyphertext data, characterized in the applying and decrypting steps utilize a tame automorphism based algorithm using a product of at least two automorphism based polynomials as an encryption key and a mapping of the inverse of said encryption key as a decryption key in said applying and decrypting steps.

12. The method of claim 11 characterized in that the tame automorphism based algorithm includes an equation of one of the forms in any order of the variables $x_1, \ldots, x_n$:

(j): $\phi_i(x_j) = x_j + h_{i,j}(x_{j+1}, \ldots, x_n) = y_j$;

any linear transformation of the above mentioned equations, where each term of the form $h_{i,j}(x_{j+1}, \ldots, x_n)$ is a polynomial of a known order.

13. The method of claim 12 characterized in that the tame automorphism algorithm utilizes two encryption keys, a public key $\pi(x_i) = \phi_k \cdots \phi_2\phi_1(x_i) = f_i(x_1, \ldots, x_n)$ and a private key $\pi^{-1} = \phi_1^{-1}\phi_2^{-1} \cdots \phi_k^{-1}$, where each term of the form $\phi_i$ is a tame automorphism.

14. The method of claim 13 characterized in that the public key is made publicly available.

15. The method of claim 14 characterized in that the private key is maintained privately.

16. A method of verifying the authenticity of a product comprising the steps: applying a private key encryption algorithm to encode a serial number of the product into a cyphertext; decrypting the cyphertext serial numbers using the public key to verify the authenticity of the product, characterized in the applying and decrypting steps utilize a tame automorphism based algorithm using a product of at least two automorphism based polynomials as an encryption key and a mapping of the inverse of said encryption key as a decryption key in said applying and decrypting steps.

17. The method of claim 16 characterized in that the tame automorphism based algorithm includes an equation of one of the forms in any order of the variables $x_1, \ldots, x_n$:
(1): $\phi_i(x_1) = x_1 + h_{i,1}(x_2, \ldots, x_n) = y_1$;

(j): $\phi_i(x_j) = x_j + h_{i,j}(x_{j+1}, \ldots, x_n) = y_j$;

any linear transformation of the above mentioned equations,
where each term of the form $h_{i,j}(x_{j+1}, \ldots, x_n)$ is a polynomial
of a known order.

18. The method of claim 17 characterized in that the tame
automorphism utilizes two encryption keys, a public key
$\pi(x_i) = \phi_k \cdots \phi_2\phi_1(x_i) = f_i(x_1, \ldots, x_n)$ and a private key
$\pi^{-1} = \phi_1^{-1}\phi_2^{-1} \cdots \phi_k^{-1}$, where each term of the form
$\phi_i$ is a tame automorphism.

19. The method of claim 18 characterized in that the 
public key is made publicly available. 

20. The method of claim 19 characterized in that the 
private key is maintained privately. 

21. A method of avoiding unauthorized alteration of data 
in a data storage card comprising the steps: applying the 
private key encryption algorithm to encode the modification 
of data in the data storage card; decrypting the encrypted 
data using the public key, characterized in the applying and
decrypting steps utilize a tame automorphism based algo- 
rithm using a product of at least two automorphism based 
polynomials as an encryption key and a mapping of the 
inverse of said encryption key as a decryption key in said 
applying and decrypting steps. 

22. The method of claim 21 characterized in that the tame
automorphism based algorithm includes an equation of one
of the forms in any order of the variables $x_1, \ldots, x_n$:

(1): $\phi_i(x_1) = x_1 + h_{i,1}(x_2, \ldots, x_n) = y_1$;

(2): $\phi_i(x_2) = x_2 + h_{i,2}(x_3, \ldots, x_n) = y_2$;

(j): $\phi_i(x_j) = x_j + h_{i,j}(x_{j+1}, \ldots, x_n) = y_j$;

(n): $\phi_i(x_n) = x_n = y_n$;

any linear transformation of the above mentioned equations,
where each term of the form $h_{i,j}(x_{j+1}, \ldots, x_n)$ is a polynomial
of a known order.

23. The method of claim 22 characterized in that the tame
automorphism based algorithm utilizes two encryption keys,
a public key $\pi(x_i) = \phi_k \cdots \phi_2\phi_1(x_i) = f_i(x_1, \ldots, x_n)$ and a private
key $\pi^{-1} = \phi_1^{-1}\phi_2^{-1} \cdots \phi_k^{-1}$, where each term of the
form $\phi_i$ is a tame automorphism.

24. The method of claim 23 characterized in that the 
public key is made publicly available. 

25. The method of claim 24 characterized in that the 
private key is maintained privately. 

26. A method of verifying the identity of the sender of 
electronically transmitted message comprising the steps: 
transmitting one signal from a non-repeating sequence; 
applying a private key encryption algorithm to encode the 
signal into a cyphertext; decrypting the cyphertext signal
using a public key, characterized in the applying and
decrypting steps utilize a tame automorphism based algorithm
using a product of at least two automorphism based
polynomials as an encryption key and a mapping of the
inverse of said encryption key as a decryption key in said
applying and decrypting steps.

27. The method of claim 26 characterized in that the tame
automorphism based algorithm includes an equation of one
of the forms in any order of the variables $x_1, \ldots, x_n$:

(1): $\phi_i(x_1) = x_1 + h_{i,1}(x_2, \ldots, x_n) = y_1$;

(2): $\phi_i(x_2) = x_2 + h_{i,2}(x_3, \ldots, x_n) = y_2$;

(j): $\phi_i(x_j) = x_j + h_{i,j}(x_{j+1}, \ldots, x_n) = y_j$;

any linear transformation of the above mentioned equations,
where each term of the form $h_{i,j}(x_{j+1}, \ldots, x_n)$ is a polynomial
of a known order.

28. The method of claim 27 characterized in that the tame
automorphism based algorithm utilizes two encryption keys,
a public key $\pi(x_i) = \phi_k \cdots \phi_2\phi_1(x_i) = f_i(x_1, \ldots, x_n)$ and a private
key $\pi^{-1} = \phi_1^{-1}\phi_2^{-1} \cdots \phi_k^{-1}$, where each term of the form $\phi_i$
is a tame automorphism.

29. The method of claim 28 characterized in that the
public key is made publicly available.

30. The method of claim 29 characterized in that the 
private key is maintained privately. 

31. A method of creating ordinary public key from a
master public key in a two key encryption system comprising
the steps of replacing a portion of the encryption
polynomial with zero values, characterized in that the
encryption polynomial utilizes a tame automorphism based
algorithm using a product of at least two automorphism
based polynomials as an encryption key and a mapping of
the inverse of said encryption key as a decryption key in the
two key encryption system.

32. The method of claim 31 characterized in that the tame
automorphism based algorithm includes an equation of one
of the forms in any order of the variables $x_1, \ldots, x_n$:

(1): $\phi_i(x_1) = x_1 + h_{i,1}(x_2, \ldots, x_n) = y_1$;

(2): $\phi_i(x_2) = x_2 + h_{i,2}(x_3, \ldots, x_n) = y_2$;

(j): $\phi_i(x_j) = x_j + h_{i,j}(x_{j+1}, \ldots, x_n) = y_j$;

(n): $\phi_i(x_n) = x_n = y_n$;

any linear transformation of the above mentioned equations,
where each term of the form $h_{i,j}(x_{j+1}, \ldots, x_n)$ is a polynomial
of a known order.
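
The triangular form recited in the claims (each map adds to x_j a polynomial in the later variables only, taken in some order of the variables) and the key pair built from a product of such maps, as an added Python illustration that is not part of the patent. The field GF(2^4), n = 3 and the polynomials h are assumptions chosen so the whole message space can be enumerated; the public map is evaluated through its factors here rather than published as expanded polynomials f_i.

```python
# Added illustration, not the patent's code. GF(2^4), n = 3 and the h
# polynomials below are assumptions made for this demonstration.

def gf_mul(a, b):
    """Multiply in GF(2^4) = GF(2)[t]/(t^4 + t + 1); addition is XOR."""
    r = 0
    while b:
        if b & 1:
            r ^= a
        a <<= 1
        if a & 0x10:
            a ^= 0x13
        b >>= 1
    return r

class Triangular:
    """phi(x_j) = x_j + h_j(x_{j+1}, ..., x_n) and phi(x_n) = x_n, with the
    variables taken in the order given by the permutation `order`."""
    def __init__(self, order, hs):
        self.order, self.hs = order, hs

    def _place(self, vals):                       # undo the reordering
        return [v for _, v in sorted(zip(self.order, vals))]

    def apply(self, x):
        z = [x[i] for i in self.order]
        y = [z[j] ^ self.hs[j](z[j + 1:]) for j in range(len(z) - 1)]
        return self._place(y + [z[-1]])

    def invert(self, y):
        w = [y[i] for i in self.order]
        z = w[:]                                  # last variable is unchanged
        for j in range(len(w) - 2, -1, -1):       # back-substitute upward
            z[j] = w[j] ^ self.hs[j](z[j + 1:])   # minus equals plus in char 2
        return self._place(z)

# Private factorization phi_1, phi_2 (hypothetical polynomials h).
PRIVATE = [
    Triangular([0, 1, 2], [lambda t: gf_mul(t[0], t[1]), lambda t: gf_mul(t[0], t[0])]),
    Triangular([2, 1, 0], [lambda t: gf_mul(t[0], t[0]) ^ t[1], lambda t: gf_mul(t[0], 3)]),
]

def encrypt(x):            # pi = phi_2 phi_1
    for phi in PRIVATE:
        x = phi.apply(x)
    return x

def decrypt(y):            # pi^-1 = phi_1^-1 phi_2^-1
    for phi in reversed(PRIVATE):
        y = phi.invert(y)
    return y
```

Each factor inverts by back-substitution from the last variable, so whoever holds the factorization decrypts in time linear in the number of factors, while the composed map mixes all variables.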

***** 